WordPress 2.0.4 closes critical security hole
In the new version 2.0.4, the developers of the popular WordPress blog system have closed a security hole. Attackers could have been able to use this hole to hack vulnerable systems, although no further details are currently available.
Last week, former WordPress developer with the pseudonym "Dr Dave" warned of the weak point in his blog and advised users of WordPress to disable user registration for guests. Unfortunately, he did not provide any details about the flaw, not even in the FAQs for the advisory. Chief developer Matt Mullenweg has yet to respond to a query by heise Security about the flaw.
WordPress users should upgrade to the new version immediately because version 2.0.4 also patches more than 50 general flaws in the software according to a press release from the developers.
- Announcement of the new version of WordPress
- Download WordPress
- Upgrade instructions for installation